US-10587703

Providing communication connectivity between disparate network entities located in isolated communication networks through a centralized cloud service

Published: March 10, 2020
Assignee: not available in USPTO data we have
Inventors: not available in USPTO data we have
Technical Abstract

Technology for providing communication connectivity between network entities located in different isolated communication networks through a centralized cloud service. A cloud service connector in a source communication network receives an initial connection request from a source end point device in the source communication network, and determines a customer name and requested service associated with the port number indicated in the request. Mappings are established between the source end point device and a destination end point device that provides the requested service from within a destination communication network that is associated with the customer name. Network traffic is conveyed between the source end point device and the destination end point device through the cloud service by tunneling packets over connections between the cloud service connector in the source communication network and the cloud service and between a cloud service connector in the destination communication network and the cloud service.

Patent Claims
17 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method of providing communication connectivity between network devices that are located in isolated communication networks through a centralized cloud service, comprising: receiving, from a source end point device located in a source communication network, by a cloud service connector located in the source communication network, an initial connection request message, wherein the initial connection request message requests a connection on a port number that is contained in the initial connection request, and wherein the cloud service connector is separate and independent from the source end point device; retrieving, by the cloud service connector located in the source communication network, in response to receipt of the initial connection request message and based on the port number contained in the initial connection request message, both i) a customer name that corresponds to a destination communication network, and ii) an indication of a requested service, at least in part by using the port number contained in the initial connection request message as an index into a lookup table contained in the cloud service connector to cause the lookup table to return an entry in the lookup table corresponding to the port number and containing the customer name and the indication of the requested service, wherein the retrieved customer name and indication of the requested service name each correspond to the port number contained in the initial connection request; creating, by the cloud service connector located in the source communication network using the customer name and the indication of the requested service, a tunnel connection request message, wherein the tunnel connection request message contains the customer name and the indication of the requested service; transmitting the tunnel connection request message, by the cloud service connector located in the source communication network, to a cloud service located in a public communication network that is communicably connected to the source communication network; receiving the tunnel connection request message by the cloud service; extracting, by the cloud service in response to receipt of the tunnel connection request message, the customer name and the indication of the requested service from the tunnel connection request message; retrieving, by the cloud service further in response to receipt of the tunnel connection request message, and in response to the customer name and the indication of the requested service extracted from the tunnel connection request message, i) an identifier of a cloud service connector located in the destination communication network that corresponds to the customer name extracted from the tunnel connection request, and ii) an identifier of a destination end point device located in the destination communication network that provides the requested service, wherein the destination communication network is also communicably connected to the public communication network, and wherein network traffic on the destination communication network is isolated from network traffic on the source communication network; and conveying network traffic between the source end point device and the destination end point device through the cloud service by tunneling packets over connections i) between the cloud service connector located in the source communication network and the cloud service and ii) between the cloud service and the cloud service connector located in the destination communication network.

2. The method of claim 1, further comprising: receiving, by the cloud service, one or more configuration management messages, wherein the configuration management messages include an access control list for the source end point device and an access control list for the destination end point device; storing the access control list for the source end point device and the access control list for the destination end point device into a connection permissions database in the cloud service; and wherein conveying the network traffic between the source end point device and the destination end point device through the cloud service includes: i) determining, by the cloud service from the connection permissions database, whether the access control list for the source end point device contains an identifier of the destination end point device, ii) determining, by the cloud service from the connection permissions database, whether the access control list for the destination end point device contains an identifier of the source end point device, and iii) conveying the network traffic between the source end point device and the destination end point device in response to determining that the access control list for the source end point device contains an identifier of the destination end point device and that the access control list for the destination end point device contains an identifier of the source end point device.
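The following is an added illustration, not code from the patent or from any product implementing it, of the connection set-up path in claims 1 and 2: the connector indexes a lookup table by the requested port number to obtain a customer name and service, sends a tunnel connection request carrying both, the cloud service resolves the destination connector and destination end point, and traffic is allowed only when the access control list of each end point names the other. The port numbers, customer names, service names, end point identifiers, the JSON encoding of the tunnel connection request and the passing of the source end point identifier to the cloud service are all assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple
import json

# Constructed lookup table held by the cloud service connector in the source
# network (claim 1): port number -> (customer name, requested service).
# Every port, customer and service name here is made up for this example.
CONNECTOR_LOOKUP_TABLE: Dict[int, Tuple[str, str]] = {
    5001: ("acme-corp", "inventory-db"),
    5002: ("acme-corp", "ssh-jumphost"),
    5003: ("globex", "ticketing-api"),
}


@dataclass
class TunnelConnectionRequest:
    """Message the connector sends to the cloud service (claim 1). The JSON
    encoding is this example's choice; the patent fixes no wire format."""
    customer_name: str
    requested_service: str

    def encode(self) -> bytes:
        return json.dumps({"customer": self.customer_name,
                           "service": self.requested_service}).encode()

    @classmethod
    def decode(cls, raw: bytes) -> "TunnelConnectionRequest":
        obj = json.loads(raw.decode())
        return cls(str(obj["customer"]), str(obj["service"]))


def connector_handle_initial_request(port: int) -> Optional[TunnelConnectionRequest]:
    """Connector step: use the requested port as the index into the lookup
    table and build the tunnel connection request from the entry found."""
    entry = CONNECTOR_LOOKUP_TABLE.get(port)
    if entry is None:
        return None  # unmapped port: no tunnel request is created
    customer_name, service = entry
    return TunnelConnectionRequest(customer_name, service)


@dataclass
class CloudService:
    # customer name -> identifier of the connector in that customer's network
    connectors: Dict[str, str] = field(default_factory=dict)
    # (customer name, service) -> identifier of the destination end point
    services: Dict[Tuple[str, str], str] = field(default_factory=dict)
    # connection permissions database (claim 2): end point id -> allowed peer ids
    permissions: Dict[str, Set[str]] = field(default_factory=dict)

    def apply_config_message(self, endpoint_id: str, acl: List[str]) -> None:
        """Claim 2: store the access control list carried by a configuration
        management message."""
        self.permissions[endpoint_id] = set(acl)

    def resolve(self, raw_request: bytes) -> Optional[Tuple[str, str]]:
        """Claim 1, cloud side: extract customer name and service, then look
        up the destination connector id and the destination end point id."""
        req = TunnelConnectionRequest.decode(raw_request)
        connector_id = self.connectors.get(req.customer_name)
        endpoint_id = self.services.get((req.customer_name, req.requested_service))
        if connector_id is None or endpoint_id is None:
            return None
        return connector_id, endpoint_id

    def may_convey(self, source_id: str, destination_id: str) -> bool:
        """Claim 2 steps i-iii: traffic is conveyed only when the source's ACL
        lists the destination AND the destination's ACL lists the source."""
        return (destination_id in self.permissions.get(source_id, set())
                and source_id in self.permissions.get(destination_id, set()))


def establish(source_endpoint_id: str, port: int,
              cloud: CloudService) -> Optional[Tuple[str, str]]:
    """Run the whole handshake; returns (destination connector id, destination
    end point id) when a tunnel may be set up, else None. Handing the source
    end point id to the cloud service is an assumption of this example."""
    req = connector_handle_initial_request(port)
    if req is None:
        return None
    resolved = cloud.resolve(req.encode())
    if resolved is None:
        return None
    _, destination_id = resolved
    if not cloud.may_convey(source_endpoint_id, destination_id):
        return None
    return resolved


def build_demo_cloud_service() -> CloudService:
    """Constructed cloud-side state for the demo."""
    cloud = CloudService(
        connectors={"acme-corp": "connector-acme", "globex": "connector-globex"},
        services={("acme-corp", "inventory-db"): "acme-inventory-db-01",
                  ("acme-corp", "ssh-jumphost"): "acme-jump-01",
                  ("globex", "ticketing-api"): "globex-tix-01"},
    )
    cloud.apply_config_message("src-endpoint-a", ["acme-inventory-db-01"])
    cloud.apply_config_message("acme-inventory-db-01", ["src-endpoint-a"])
    # one-sided entry: src-endpoint-b lists the database, but the database
    # does not list src-endpoint-b, so step iii of claim 2 fails
    cloud.apply_config_message("src-endpoint-b", ["acme-inventory-db-01"])
    return cloud


if __name__ == "__main__":
    cloud = build_demo_cloud_service()
    print(establish("src-endpoint-a", 5001, cloud))  # both ACLs agree -> tunnel
    print(establish("src-endpoint-b", 5001, cloud))  # one-sided ACL -> None
    print(establish("src-endpoint-a", 9999, cloud))  # unmapped port -> None
```

The point of the `may_convey` check is that the permission is mutual: a source end point cannot reach a destination merely because its own list names the destination, and a destination cannot accept a peer that never asked for it. The cloud service also resolves the destination only from the customer name and service it extracted from the request, never from anything the source end point supplies directly.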

3. The method of claim 1, further comprising: establishing multiple connections between the cloud service connector located in the source communication network and the cloud service to provide fault tolerance and load balancing between the cloud service connector located in the source communication network and the cloud service; and establishing multiple connections between the cloud service and the cloud service connector located in the destination communication network to provide fault tolerance and load balancing between the cloud service and the cloud service connector located in the destination communication network.

4. The method of claim 3, further comprising: creating, by the cloud service, an entry in a connection routing table contained in the cloud service, wherein the entry created in the connection routing table maps i) the connections established between the cloud service connector located in the source communication network and the cloud service, to ii) the connections established between the cloud service and the cloud service connector located in the destination communication network; and wherein the cloud service, responsive to the entry created in the connection routing table that maps i) the connections established between the cloud service connector located in the source communication network and the cloud service, to ii) the connections established between the cloud service and the cloud service connector located in the destination communication network, processes packets tunneled to the cloud service by: tunneling packets that are tunneled to the cloud service on the connections established between the cloud service connector located in the source communication network and the cloud service onto the connections established between the cloud service and the cloud service connector located in the destination communication network, and tunneling packets that are tunneled to the cloud service on the connections established between the cloud service and the cloud service connector located in the destination communication network onto the connections established between the cloud service connector located in the source communication network and the cloud service.

5. The method of claim 4, further comprising: performing data compression, by the cloud service connector located in the source communication network on packets received by the cloud service connector located in the source communication network from the source end point device, to generate compressed versions of the packets received by the cloud service connector located in the source communication network from the source end point device; tunneling the compressed versions of the packets received by the cloud service connector located in the source communication network to the cloud service through the connections established between the cloud service connector located in the source communication network and the cloud service; decompressing, by the cloud service connector located in the destination communication network, packets tunneled to the cloud service connector located in the destination communication network from the cloud service; performing data compression, by the cloud service connector located in the destination communication network on packets received by the cloud service connector located in the destination communication network from the destination end point device, to generate compressed versions of the packets received by the cloud service connector located in the destination communication network from the destination end point device; tunneling the compressed versions of the packets received by the cloud service connector located in the destination communication network to the cloud service through the connections established between the cloud service connector located in the destination communication network and the cloud service; and decompressing, by the cloud service connector located in the source communication network, packets tunneled to the cloud service connector located in the source communication network from the cloud service.

6. The method of claim 4, further comprising: performing data encryption, by the cloud service connector located in the source communication network on packets received by the cloud service connector located in the source communication network from the source end point device, to generate encrypted versions of the packets received by the cloud service connector located in the source communication network from the source end point device; tunneling the encrypted versions of the packets received by the cloud service connector located in the source communication network to the cloud service through the connections established between the cloud service connector located in the source communication network and the cloud service; decrypting, by the cloud service connector located in the destination communication network, packets tunneled to the cloud service connector located in the destination communication network from the cloud service; performing data encryption, by the cloud service connector located in the destination communication network on packets received by the cloud service connector located in the destination communication network from the destination end point device, to generate encrypted versions of the packets received by the cloud service connector located in the destination communication network from the destination end point device; tunneling the encrypted versions of the packets received by the cloud service connector located in the destination communication network to the cloud service through the connections established between the cloud service connector located in the destination communication network and the cloud service; and decrypting, by the cloud service connector located in the source communication network, packets tunneled to the cloud service connector located in the source communication network from the cloud service.

7. The method of claim 4, further comprising: performing data compression, by the cloud service connector located in the source communication network on packets received by the cloud service connector located in the source communication network from the source end point device, to generate compressed versions of the packets received by the cloud service connector located in the source communication network from the source end point device; performing data encryption, by the cloud service connector located in the source communication network on the compressed versions of the packets received by the cloud service connector located in the source communication network from the source end point device, to generate compressed and encrypted versions of the packets received by the cloud service connector located in the source communication network from the source end point device; tunneling the compressed and encrypted versions of the packets received by the cloud service connector located in the source communication network to the cloud service through the connections established between the cloud service connector located in the source communication network and the cloud service; decrypting and decompressing, by the cloud service connector located in the destination communication network, packets tunneled to the cloud service connector located in the destination communication network from the cloud service; performing data compression, by the cloud service connector located in the destination communication network on packets received by the cloud service connector located in the destination communication network from the destination end point device, to generate compressed versions of the packets received by the cloud service connector located in the destination communication network from the destination end point device; performing data encryption, by the cloud service connector located in the destination communication network on the compressed versions of the packets received by the cloud service connector located in the destination communication network from the destination end point device, to generate compressed and encrypted versions of the packets received by the cloud service connector located in the destination communication network from the destination end point device; tunneling the compressed and encrypted versions of the packets received by the cloud service connector located in the destination communication network to the cloud service through the connections established between the cloud service connector located in the destination communication network and the cloud service; and decrypting and decompressing, by the cloud service connector located in the source communication network, packets tunneled to the cloud service connector located in the source communication network from the cloud service.

8. The method of claim 1, wherein tunneling packets over connections between the cloud service connector located in the source communication network and the cloud service includes encapsulating, by the cloud service connector located in the source communication network, packets received by the cloud service connector located in the source communication network from the source end point device, into the data portions of packets transmitted from the cloud service connector located in the source communication network to the cloud service over the connections established between the cloud service connector located in the source communication network and the cloud service; and wherein tunneling packets over connections between the cloud service and the cloud service connector located in the destination communication network includes encapsulating, by the cloud service connector located in the destination communication network, packets received by the cloud service connector located in the destination communication network from the destination end point device, into the data portions of packets transmitted from the cloud service connector located in the destination communication network to the cloud service over the connections established between the cloud service and the cloud service connector located in the destination communication network.
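The following is an added illustration, not code from the patent or from any product implementing it, of the data path in claims 3, 4 and 8: each end point packet is encapsulated in the data portion of a tunnel packet, and the cloud service uses a connection routing table entry that maps the set of connections from the source connector to the set of connections to the destination connector so that frames arriving on either side are re-emitted on the other. The 4-byte length-prefix framing, the 64 KiB frame limit, the round-robin choice among the peer connections and all connection identifiers and payloads are assumptions made for this example; the patent fixes none of them.

```python
import struct
from itertools import cycle
from typing import Dict, Iterator, List, Tuple

# Assumed framing for this example: each end point packet rides in the data
# portion of a tunnel packet behind a 4-byte big-endian length prefix.
HEADER = struct.Struct("!I")
MAX_FRAME = 65535  # largest encapsulated packet this example accepts


def encapsulate(packet: bytes) -> bytes:
    """Connector side (claim 8): wrap one end point packet in a tunnel frame."""
    if len(packet) > MAX_FRAME:
        raise ValueError("packet too large for one tunnel frame")
    return HEADER.pack(len(packet)) + packet


def decapsulate(buf: bytes) -> Tuple[List[bytes], bytes]:
    """Receiving side: recover whole end point packets from a byte stream.
    Returns (complete packets, leftover bytes of a not-yet-complete frame).
    A length field above MAX_FRAME is rejected before any data is copied, so
    a malformed header cannot make the receiver buffer an unbounded frame."""
    packets: List[bytes] = []
    pos = 0
    while len(buf) - pos >= HEADER.size:
        (length,) = HEADER.unpack_from(buf, pos)
        if length > MAX_FRAME:
            raise ValueError("bad frame length %d" % length)
        start, end = pos + HEADER.size, pos + HEADER.size + length
        if end > len(buf):
            break  # frame still incomplete; caller keeps the remainder
        packets.append(buf[start:end])
        pos = end
    return packets, buf[pos:]


class ConnectionRoutingTable:
    """Cloud side (claims 3 and 4): an entry maps the connections from the
    source connector to the connections to the destination connector, and
    frames are relayed in both directions. Round-robin selection among the
    peer connections is this example's load-balancing choice."""

    def __init__(self) -> None:
        self._peers: Dict[str, List[str]] = {}
        self._cursor: Dict[str, Iterator[str]] = {}

    def add_entry(self, source_conns: List[str], dest_conns: List[str]) -> None:
        for conn in source_conns:
            self._peers[conn] = list(dest_conns)
        for conn in dest_conns:
            self._peers[conn] = list(source_conns)

    def pick_outbound(self, inbound: str) -> str:
        """Choose the next connection on the far side of the entry that
        `inbound` belongs to; unknown connections are refused."""
        peers = self._peers.get(inbound)
        if not peers:
            raise KeyError("no routing entry for connection %r" % inbound)
        if inbound not in self._cursor:
            self._cursor[inbound] = cycle(peers)
        return next(self._cursor[inbound])


def relay(table: ConnectionRoutingTable, inbound: str,
          received: bytes) -> Tuple[List[Tuple[str, bytes]], bytes]:
    """Cloud relay: for every complete frame that arrived on `inbound`, pick a
    connection on the other side of the routing entry and re-emit the frame."""
    packets, leftover = decapsulate(received)
    out = [(table.pick_outbound(inbound), encapsulate(p)) for p in packets]
    return out, leftover


def demo() -> List[Tuple[str, bytes]]:
    """Constructed scenario: two connections from the source connector, three
    to the destination connector; two packets arrive on connection 'src-1'."""
    table = ConnectionRoutingTable()
    table.add_entry(["src-1", "src-2"], ["dst-1", "dst-2", "dst-3"])
    stream = encapsulate(b"GET /inventory") + encapsulate(b"GET /health")
    forwarded, leftover = relay(table, "src-1", stream)
    if leftover:
        raise RuntimeError("demo stream should contain only whole frames")
    return forwarded


if __name__ == "__main__":
    for conn, frame in demo():
        print(conn, frame)
```

Because the relay only consults the routing entry for the connection a frame arrived on, a frame from one customer's connections can never be emitted onto another customer's connections, which is the isolation property claim 1 requires between the source and destination networks.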

9. A system for providing communication connectivity between network devices that are located in isolated communication networks through a centralized cloud service, comprising: at least one source server located in a source communication network, wherein the source server includes memory that stores program code for execution on processing circuitry of the source server, and wherein the program code stored in the memory of the source server includes a cloud service connector located in the source communication network; at least one cloud server computer located in a public communication network that is communicably connected to the source communication network, wherein the cloud server computer includes memory that stores program code for execution on processing circuitry of the cloud server computer, and wherein the program code stored in the memory of the source server includes a cloud service; wherein the cloud service connector located in the source communication network is configured and arranged to: receive, from a source end point device located in the source communication network and that is separate and independent from the cloud service connector, an initial connection request message, wherein the initial connection request message requests a connection on a port number that is contained in the initial connection request, retrieve, in response to receipt of the initial connection request message and based on the port number contained in the initial connection request message, both i) a customer name that corresponds to a destination communication network, and ii) an indication of a requested service, at least in part by using the port number contained in the initial connection request message as an index into a lookup table contained in the cloud service connector to cause the lookup table to return an entry in the lookup table corresponding to the port number and containing the customer name and the indication of the requested service, wherein the retrieved customer name and indication of the requested service name each correspond to the port number contained in the initial connection request, create, using the customer name and the indication of the requested service, a tunnel connection request message, wherein the tunnel connection request message contains the customer name and the indication of the requested service, and transmit the tunnel connection request message to the cloud service located in a public communication network that is communicably connected to the source communication network; and wherein the cloud service is configured and arranged to: receive the tunnel connection request message, extract, in response to receipt of the tunnel connection request message, the customer name and the indication of the requested service from the tunnel connection request message, retrieve, further in response to receipt of the tunnel connection request message, and in response to the customer name and the indication of the requested service extracted from the tunnel connection request message, i) an identifier of a cloud service connector located in the destination communication network that corresponds to the customer name extracted from the tunnel connection request, and ii) an identifier of a destination end point device located in the destination communication network that provides the requested service, wherein the destination communication network is also communicably connected to the public communication network, and wherein network traffic on the destination communication network is isolated from network traffic on the source communication network, and convey network traffic between the source end point device and the destination end point device through the cloud service by tunneling packets over connections i) between the cloud service connector located in the source communication network and the cloud service and ii) between the cloud service and the cloud service connector located in the destination communication network.

10. The system of claim 9, wherein the cloud service is further configured and arranged to i) receive one or more configuration management messages, wherein the configuration management messages include an access control list for the source end point device and an access control list for the destination end point device, and ii) store the access control list for the source end point device and the access control list for the destination end point device into a connection permissions database in the cloud service; and wherein to convey the network traffic between the source end point device and the destination end point device through the cloud service the cloud service is further configured and arranged to: i) determine, from the connection permissions database, whether the access control list for the source end point device contains an identifier of the destination end point device, ii) determine, from the connection permissions database, whether the access control list for the destination end point device contains an identifier of the source end point device, and iii) convey the network traffic between the source end point device and the destination end point device in response to determining that the access control list for the source end point device contains an identifier of the destination end point device and that the access control list for the destination end point device contains an identifier of the source end point device.

11. The system of claim 9, wherein the cloud service is further configured and arranged to: establish multiple connections between the cloud service connector located in the source communication network and the cloud service to provide fault tolerance and load balancing between the cloud service connector located in the source communication network and the cloud service; and establish multiple connections between the cloud service and the cloud service connector located in the destination communication network to provide fault tolerance and load balancing between the cloud service and the cloud service connector located in the destination communication network.

12. The system of claim 11, wherein the cloud service is further configured and arranged to create an entry in a connection routing table that is contained in the cloud service, wherein the entry created in the connection routing table maps i) the connections established between the cloud service connector located in the source communication network and the cloud service, to ii) the connections established between the cloud service and the cloud service connector located in the destination communication network; and wherein to process packets tunneled to the cloud service, the cloud service is further configured and arranged to, responsive to the entry created in the connection routing table that maps i) the connections established between the cloud service connector located in the source communication network and the cloud service, to ii) the connections established between the cloud service and the cloud service connector located in the destination communication network: tunnel packets that are tunneled to the cloud service on the connections established between the cloud service connector located in the source communication network and the cloud service onto the connections established between the cloud service and the cloud service connector located in the destination communication network, and tunnel packets that are tunneled to the cloud service on the connections established between the cloud service and the cloud service connector located in the destination communication network onto the connections established between the cloud service connector located in the source communication network and the cloud service.

13. The system of claim 12, further comprising: wherein the cloud service connector located in the source communication network is further configured and arranged to: perform data compression on packets received by the cloud service connector located in the source communication network from the source end point device, to generate compressed versions of the packets received by the cloud service connector located in the source communication network from the source end point device, and tunnel the compressed versions of the packets received by the cloud service connector located in the source communication network to the cloud service through the connections established between the cloud service connector located in the source communication network and the cloud service; wherein the cloud service connector located in the destination communication network is further configured and arranged to: decompress packets tunneled to the cloud service connector located in the destination communication network from the cloud service, performing data compression on packets received by the cloud service connector located in the destination communication network from the destination end point device, to generate compressed versions of the packets received by the cloud service connector located in the destination communication network from the destination end point device, and tunnel the compressed versions of the packets received by the cloud service connector located in the destination communication network to the cloud service through the connections established between the cloud service connector located in the destination communication network and the cloud service; and wherein the cloud service connector located in the source communication network is further configured and arranged to: decompress packets tunneled to the cloud service connector located in the source communication network from the cloud service.

14. The system of claim 13, further comprising: wherein the cloud service connector located in the source communication network is further configured and arranged to: perform data encryption on packets received by the cloud service connector located in the source communication network from the source end point device, to generate encrypted versions of the packets received by the cloud service connector located in the source communication network from the source end point device, and tunnel the encrypted versions of the packets received by the cloud service connector located in the source communication network to the cloud service through the connections established between the cloud service connector located in the source communication network and the cloud service; wherein the cloud service connector located in the destination communication network is further configured and arranged to: decrypt packets tunneled to the cloud service connector located in the destination communication network from the cloud service, perform data encryption on packets received by the cloud service connector located in the destination communication network from the destination end point device, to generate encrypted versions of the packets received by the cloud service connector located in the destination communication network from the destination end point device, and tunnel the encrypted versions of the packets received by the cloud service connector located in the destination communication network to the cloud service through the connections established between the cloud service connector located in the destination communication network and the cloud service; and wherein the cloud service connector located in the source communication network is further configured and arranged to: decrypt packets tunneled to the cloud service connector located in the source communication network from the cloud service.

15. The system of claim 12, further comprising: wherein the cloud service connector located in the source communication network is further configured and arranged to: perform data compression on packets received by the cloud service connector located in the source communication network from the source end point device, to generate compressed versions of the packets received by the cloud service connector located in the source communication network from the source end point device, perform data encryption on the compressed versions of the packets received by the cloud service connector located in the source communication network from the source end point device, to generate compressed and encrypted versions of the packets received by the cloud service connector located in the source communication network from the source end point device, and tunnel the compressed and encrypted versions of the packets received by the cloud service connector located in the source communication network to the cloud service through the connections established between the cloud service connector located in the source communication network and the cloud service; wherein the cloud service connector located in the destination communication network is further configured and arranged to: decrypt and decompress packets tunneled to the cloud service connector located in the destination communication network from the cloud service, perform data compression on packets received by the cloud service connector located in the destination communication network from the destination end point device, to generate compressed versions of the packets received by the cloud service connector located in the destination communication network from the destination end point device, perform data encryption on the compressed versions of the packets received by the cloud service connector located in the destination communication network from the destination end point device, to generate compressed and encrypted versions of the packets received by the cloud service connector located in the destination communication network from the destination end point device, and tunnel the compressed and encrypted versions of the packets received by the cloud service connector located in the destination communication network to the cloud service through the connections established between the cloud service connector located in the destination communication network and the cloud service; and wherein the cloud service connector located in the source communication network is further configured and arranged to: decrypt and decompress packets tunneled to the cloud service connector located in the source communication network from the cloud service.

16. The system of claim 9, further comprising: wherein to tunnel packets over connections between the cloud service connector located in the source communication network and the cloud service the cloud service connector located in the source communication network is further configured and arranged to encapsulate packets received by the cloud service connector located in the source communication network from the source end point device into the data portions of packets transmitted from the cloud service connector located in the source communication network to the cloud service over the connections established between the cloud service connector located in the source communication network and the cloud service; and wherein to tunnel packets over connections between the cloud service and the cloud service connector located in the destination communication network the cloud service connector located in the destination communication network is further configured and arranged to encapsulate packets received by the cloud service connector located in the destination communication network from the destination end point device into the data portions of packets transmitted from the cloud service connector located in the destination communication network to the cloud service over the connections established between the cloud service and the cloud service connector located in the destination communication network.

17

17. A non-transitory computer readable medium storing program code for providing communication connectivity between network devices that are located in isolated communication networks through a centralized cloud service, wherein the program code, when executed by processing circuitry, causes the processing circuitry to perform a method of: receiving, from a source end point device located in a source communication network, by a cloud service connector located in the source communication network, an initial connection request message, wherein the initial connection request message requests a connection on a port number that is contained in the initial connection request, and wherein the cloud service connector is separate and independent from the source end point device; retrieving, by the cloud service connector located in the source communication network, in response to receipt of the initial connection request message and based on the port number contained in the initial connection request message, both i) a customer name that corresponds to a destination communication network, and ii) an indication of a requested service, at least in part by using the port number contained in the initial connection request message as an index into a lookup table contained in the cloud service connector to cause the lookup table to return an entry in the lookup table corresponding to the port number and containing the customer name and the indication of the requested service, wherein the retrieved customer name and indication of the requested service name each correspond to the port number contained in the initial connection request; creating, by the cloud service connector located in the source communication network using the customer name and the indication of the requested service, a tunnel connection request message, wherein the tunnel connection request message contains the customer name and the indication of the requested service; transmitting the tunnel connection request message, by the cloud service connector located in the source communication network, to a cloud service located in a public communication network that is communicably connected to the source communication network; receiving the tunnel connection request message by the cloud service; extracting, by the cloud service in response to receipt of the tunnel connection request message, the customer name and the indication of the requested service from the tunnel connection request message; retrieving, by the cloud service further in response to receipt of the tunnel connection request message, and in response to the customer name and the indication of the requested service extracted from the tunnel connection request message, i) an identifier of a cloud service connector located in the destination communication network that corresponds to the customer name extracted from the tunnel connection request, and ii) an identifier of a destination end point device located in the destination communication network that provides the requested service, wherein the destination communication network is also communicably connected to the public communication network, and wherein network traffic on the destination communication network is isolated from network traffic on the source communication network; and conveying network traffic between the source end point device and the destination end point device through the cloud service by tunneling packets over connections i) between the cloud service connector located in the source communication network and the cloud service and ii) between the cloud service and the cloud service connector located in the destination communication network.
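The flow recited in claims 16 and 17 (port-indexed lookup on the source connector, a tunnel connection request carrying customer name and service, cloud-side resolution to a destination connector and end point, and encapsulation of end point packets in the data portion of tunnel packets), as an added Python sketch that is not the patent's or any assignee's code. Every port, customer name, connector id, address and the frame layout is a constructed assumption; unknown ports and unknown customer/service pairs are rejected rather than tunneled.

```python
import json

# Constructed sample tables; none of these values appear in the patent.
# Source connector lookup table: local port -> (customer name, requested service).
SOURCE_PORT_TABLE = {
    8443: ("acme", "https"),
    5432: ("acme", "postgres"),
}
# Cloud service directory: customer name -> destination connector id,
# and (customer name, service) -> destination end point identifier.
CONNECTOR_BY_CUSTOMER = {"acme": "connector-acme-01"}
ENDPOINT_BY_SERVICE = {
    ("acme", "https"): "10.20.0.5:443",
    ("acme", "postgres"): "10.20.0.9:5432",
}


def build_tunnel_request(local_port):
    """Source connector: index the lookup table by the requested port and
    build the tunnel connection request. Unmapped ports fail closed."""
    try:
        customer, service = SOURCE_PORT_TABLE[local_port]
    except KeyError:
        raise ValueError(f"no mapping for port {local_port}; refusing to tunnel")
    return {"type": "tunnel_connect", "customer": customer, "service": service}


def resolve_tunnel_request(request):
    """Cloud service: extract customer name and service, return
    (destination connector id, destination end point identifier)."""
    customer, service = request["customer"], request["service"]
    connector = CONNECTOR_BY_CUSTOMER.get(customer)
    endpoint = ENDPOINT_BY_SERVICE.get((customer, service))
    if connector is None or endpoint is None:
        raise LookupError(f"unknown customer/service pair {customer!r}/{service!r}")
    return connector, endpoint


def encapsulate(inner_packet, session_id):
    """Tunnel framing (assumed layout): 2-byte header length, JSON header,
    then the end point's packet carried as the data portion."""
    header = json.dumps({"session": session_id, "len": len(inner_packet)}).encode()
    return len(header).to_bytes(2, "big") + header + inner_packet


def decapsulate(outer):
    """Inverse of encapsulate; a short frame is an error, not a partial packet."""
    hlen = int.from_bytes(outer[:2], "big")
    header = json.loads(outer[2:2 + hlen])
    payload = outer[2 + hlen:2 + hlen + header["len"]]
    if len(payload) != header["len"]:
        raise ValueError("truncated tunnel frame")
    return header["session"], payload
```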

Patent Metadata

Filing Date

January 19, 2018

Publication Date

March 10, 2020

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “Providing communication connectivity between disparate network entities located in isolated communication networks through a centralized cloud service” (US-10587703). https://patentable.app/patents/US-10587703

© 2026 Patentable. All rights reserved.